Gregg Steinhafel's tenure as chief executive of Target came to an unfortunate conclusion this week when the retail chain announced that its leader was stepping down. Steinhafel's demise as CEO was not a direct result of the data breach that compromised the data of 110 million customers last December. Rather, it was the company's response to the data breach that likely created new questions about its leadership.

Three fundamental crisis response concepts might have helped Steinhafel stay at his post. The same lessons apply to any financial institution that finds itself dealing with a major data breach—and they could help the next bank CEO that faces a public relations disaster hang onto his job.

First, every company handling data requires a pre-planned customer response strategy in the event of a crisis. All companies that possess critical data and customer information should be aware that they may be subject to cyberattacks and plan accordingly. Response time is critical, as are prepared plans for mobilizing a practiced crisis team. Financial institutions should also plan customer response scripts, digital communications and social media strategies, media responses that can be edited to include specific facts and tactics for internal messaging and shareholder communications.

Customer response systems must be at the ready when a breach is announced. When call center agents have trouble answering factual questions, phone wait times stretch on and websites have no information easily available, customers won't remain customers for long. Messaging scripts should be shelf-ready with fill-in-the-blank specifics. Standing contingency staffing plans should be activated. Systems that monitor what customers are saying and measure the impact of companies' responses must also be in place.

Target's largest problem was its early release of inaccurate facts regarding the number of customers impacted by the breach. Target was quick to relay exactly what had happened—but its first version of events turned out to be wrong. Target initially announced that 40 million customers may have been impacted. That number grew exponentially as the investigation deepened.

It often takes several weeks for a clear picture of the facts of a data breach to emerge. Companies should avoid leaving customers hanging while they determine the exact nature of the breach, but they can delay releasing exact numbers or describe initial estimates or ranges. Those numbers will change. Financial institutions should remember that, regardless of external pressure to release information, the most important thing is ensuring that the facts it gives customers are correct and notifying the customers affected as soon as possible.

Firms can describe what they are doing to determine the facts of the cyberattack, tell customers that the breach has been closed, and let them know the steps the firm is taking to ensure that the customers are protected. In the absence of solid facts, financial institutions must lead with how they are handling the crisis and how they are protecting customers.

Finally, financial institutions in the midst of a crisis need leaders who have been through similar problems before. Their crisis management teams should include business leaders who have working domain knowledge of the problem at hand as well as people with financial, legal, regulatory and public relations expertise. Crisis teams should also reflect companies' organizational capabilities. For example, it is important to have human resources in the room, since someone may need to be fired as a result of the discovery process. A crisis will have implications for every business unit within a company.

Other aspects of Target's performance may have helped pave the way to Steinhafel's departure, including slower foot traffic and competition from online stores like Amazon. But none of these difficulties were as damaging to the store's brand as the cyberattack.

Data breaches are not a new phenomenon. They will happen again at Target, and they may well happen at any number of financial institutions. Should that time come, banks should be sure that they have prepared in advance. They need to communicate at the right time with every constituency, through every channel, and make sure that they are able to measure the results of their actions.

Michael F. Clement spent 28 years at one of the country's largest financial institutions and leads a crisis communications firm, Strait Insights LLC.

JOIN THE DISCUSSION

SEE MORE IN

RELATED TAGS

Good advice. The recent data breach at targets has greatly exposed how vulnerable businesses are to these attacks. To mitigate these issues businesses definitely need to adopt a detailed IT infrastructure planning and conduct regular security audits. I work for McGladrey and there's a whitepaper on our website that offers good information on this above discussed topic @ http://bit.ly/1c0f35M

Expect banks to pull back on energy lending in the near term, as regulators step up their scrutiny of oil loans and bankers approach the business with a "different attitude," says Mariner Kemper, chairman and chief executive at UMB Financial in Kansas City, Mo.

The post-election rise in stock prices has been a boon for investors, but it is also causing notable changes for financial institutions. Here are a number of ways that the rally can help  and hurt  the banking industry.

It's the time of year to give thanks, and for bankers some things to be grateful for include rising stock prices, a brightening M&A outlook and, most notably, the potential for regulatory relief under President-elect Donald Trump. Here is a list of developments the industry might be celebrating this Thanksgiving holiday.

Bankers are anxiously waiting to see who President-elect Donald Trump will pick as the next Treasury secretary. Several prominent names have been floated for the job, though with every passing day, a new possible choice seems to pop up. Following is a look at the current crop of candidates and their chances.

Mobile phones are only going to become a bigger part of how banks interact with their customers, so several institutions are looking to enhance that experience. They are focusing on better ways of opening accounts, verifying identities, interacting with customers and offering new services and features. Here are some of the improvements announced this year.

This year federal and state regulators have started to pay closer attention to the rapidly evolving online-lending sector  particularly online small-business lending. What follows is a look at eight key players in the debate over how to regulate this emerging industry.